cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Gaurav.Soni
AppDynamics Team (Retired)

Problem:

 

The user has instrumented a web application with version 4.3 adrum-config.js, but they do not see the adrum beacon posted.

 

Opening a browser's dev tools shows the following error message:

 

html:51 A Parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.appdynamics.com/adrum/adrum.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message.See https://www.chromestatus.com/feature/5718547946799104 for more details.

 

Solution:

 

Users who try to run the document.write command from the adrum-config.js file will fail, as the file is served from a different domain, so the browser will not allow it.

 

  1. To resolve this issue, one option is to use the adrum-config script inline within the head tag.
  2. Another option is to remove the document.write code from the adrum-config.js file and add the adrum.js manually via the script tag.

 

Example:

Within the adrum-config.js file:

window['adrum-start-time'] = new Date().getTime();
(function(config){
    config.appKey = 'AD-AAB-XXX-XXX';
    config.adrumExtUrlHttp = 'http://cdn.appdynamics.com';
    config.adrumExtUrlHttps = 'https://cdn.appdynamics.com';
    config.beaconUrlHttp = 'http://col.eum-appdynamics.com';
    config.beaconUrlHttps = 'https://col.eum-appdynamics.com';
    config.xd = {enable : false};
})(window['adrum-config'] || (window['adrum-config'] = {}));

 

And within the index.html:

<html lang="en">
  <head>
    <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
 ...
 ...
 <script src="/assets/adrum/adrum-config.js"></script>
 <script src="https://cdn.appdynamics.com/adrum/adrum.js"></script>
 ...
 ...
  </head>
  <body>
      ...
      ...
  </body>
</html>

 

Comments
alakshya.maheria
Architect

Hi Erin, Gaurav,

This helped me a lot. however my issue was the application team had incorporated content default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; CSP policy. Therefore the above solution did not work completely.

Below is what worked out.

Add cdn.appdynamics.com and col.eum-appdynamics.com to the content in the CSP policy as below

content="default-src 'self' cdn.appdynamics.com col.eum-appdynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.appdynamics.com col.eum-appdynamics.com;"

PLUS your changes that you have suggested.

Regards,

Alakshya

Gaurav.Soni
AppDynamics Team (Retired)

HI Alakshya,

 

Thanks for pointing. That bit is covered here: https://docs.appdynamics.com/pages/viewpage.action?pageId=42584066

 

Regards,

Gaurav Soni

alakshya.maheria
Architect

Thanks for the reference Gaurav.

Regards,

Version history
Last update:
‎10-12-2018 02:33 PM
Updated by: